(RHSA-2024:1557) Critical: Errata Advisory for Red Hat OpenShift Builds 1.0.1

2024-03-2805:28:46

access.redhat.com

critical

errata advisory

red hat openshift

cve-2023-48795

ssh

prefix truncation attack

binary packet protocol

cve-2023-49569

go-git

path traversal

rce

cve-2023-49568

dos

cvss score

references

unix

8.2 High

AI Score

Confidence

Low

0.962 High

EPSS

Percentile

99.5%

JSON

Red Hat OpenShift Builds 1.0.

Security Fix(es):

CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
CVE-2023-49569 go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
CVE-2023-49568 go-git: Maliciously crafted Git server replies can cause DoS on go-git clients

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.